Cisco backs test to help classical crypto outlive quantum computers

Cisco and quantum security outfit Isara reckon they've got at least as far as alpha stage in one problem of the future: securing public key certificates against quantum computers.

“Quantum computers will break cryptography” is a popular mass media trope, but the big brains of crypto have been aware of the risk for some time. Academics have therefore pondered quantum-safe crypto schemes for some time.

Deployments are less common at this stage, which is why the Cisco-Isara PQPKI test caught Vulture South's attention.

The PQPKI test acts as a TLS 1.2 server with post-quantum authentication certificates implemented as one of the ciphersuites available to sign the certificate.

As the partners explained at the test site, America's National Institute for Science and Technology has a post-quantum crypto project with around 70 submissions. However, “Most of these schemes have significantly larger public key and/or signature sizes than the ones used today. There are concerns about the effect their size and processing cost would have on technologies using X.509 certificates today, like TLS and IKEv2”.

The PQPKI test has adopted a hybrid approach to the problem, allowing certificates to be tested using post-quantum schemes if machines support them, but falling back to traditional certificate checks if not.

A hybrid scheme would also save certificate authorities and users from having to run duplicate systems, Isara explained.

Cisco's Panos Kampanakis said: “Once the quantum-safe algorithms are standardised, we may have a very short time frame in order to migrate our systems.”

Isara added that the test server used “Leighton Micali Scheme (LMS) stateful hash-based digital signatures” (described at the International Association for Cryptologic Research in this paper, co-authored by Isara's Edward Eaton).

Another scheme, SPHINCS+, is planned for a second phase of the test. ®